Multiple flights across India grounded after SpiceJet airline hit with ransomware
Hundreds of people are stranded at airports across India after the SpiceJet airline reported on Wednesday that it was hit with a ransomware attack.
The company told The Record that the incident impacted several flights, particularly at airports where there are restrictions on night operations.
“While our IT team has to a large extent contained and rectified the situation, this has had a cascading effect on our flights leading to delays,” a SpiceJet spokesperson said. “SpiceJet is in touch with experts and cyber crime authorities on the issue.”
SpiceJet publicly confirmed the ransomware attack on Twitter, but dozens of customers responded with complaints about the company’s response to the issue. Several said they were stranded at airports, and some had even boarded flights before being told the planes could not take off because of technical issues. The company later admitted that some flights were being cancelled because of the attack.
Many of the company’s web pages also were not working as of Wednesday afternoon, Eastern time, in the U.S.
SpiceJet is a low-cost airline and the second-largest in India based on the number of domestic passengers it carries — about 12 million a month.
Based in Delhi and Hyderabad, the airline typically has about 630 flights per day and operates in 54 Indian cities as well as 15 other locations internationally.
This is not the airline’s first cybersecurity issue. In 2020, TechCrunch reported that a security researcher managed to hack into SpiceJet’s systems and gained access to the information of 1.2 million passengers, including several government officials.
India’s national carrier Air India said in May 2021 that a data breach at one of its software providers exposed the personal information of more than 4.5 million passengers that used its services.
In August 2021, Bangkok Airways admitted that hackers with the LockBit ransomware gang stole passenger information during a security breach following a ransomware attack.